US government warns companies about security flaws on Intel chips

the US government on Tuesday urged business owners to take action on an Intel alert about security holes in widely used computer chips. The US Department of Homeland Security provided the guidance a day after Intel reported that it identified security vulnerabilities in a “Management Engine” remote management software that is sold along with eight types of processors used in enterprise computers sold by Dell Technologies, Lenovo, HP, Hewlett Packard Enterprise and other manufacturers. Security experts say it was unclear how difficult it would be to exploit vulnerabilities to launch attacks, though they have discovered that the flaw is troubling because it affects widely used chips. “These vulnerabilities essentially affect all Intel-based business computers and servers running in the last two years,” said Jay Little, security engineer at Trail of Bits. For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need the administrator’s username and password, Little said. The hacker could hack in without these credentials if he wants to have physical access to the computer, he added. Intel said it was not aware of any cases in which hackers exploited the vulnerability in a cyber attack.